Krebs on Security

JULY 24, 2019

Nearly three dozen journalists at a broad range of major publications have been targeted by a far-right group that maintains a Deep Web database listing the personal information of people who threaten their views. This group specializes in encouraging others to harass those targeted by their ire, and has claimed responsibility for dozens of bomb threats and “swatting” incidents, where police are tricked into visiting potentially deadly force on the target’s address.

Mobile 279

Mobile Government 279

Schneier on Security

JULY 24, 2019

Yesterday, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it. Some hold this view dogmatically, claiming that it is technologically impossible to provide lawful access without weakening security against unlawful access.

Encryption 269

Encryption Telecommunications Risk Government 269

Troy Hunt

JULY 26, 2019

What. A. Week. I've been in San Fran meeting with a whole bunch of potential purchasers for HIBP and it's been. intense. Daunting. Exciting. It's actually an amazing feeling to see my "little" project come to this where I'm sitting in a room with some of the most awesome tech companies whilst flanked by bankers in suits. I try and give a bit of insight into that in this week's video, keeping in mind of course that I'm a bit limited by how much detail I can go into right now.

Password Management 173

Password Management Passwords Authentication 173

Adam Levin

JULY 25, 2019

The U.S. National Security Agency announced the formation of a new Cybersecurity Directorate earlier this week. Effective October 1, the directorate’a mission is will be the creation of a “major organization that unifies NSA’s foreign intelligence and cyber defense missions,” according to the agency’s website. It will be led by Anne Neuberger, the former NSA deputy director of operations and lead of the Russia Small Group.

Cybersecurity 169

Cybersecurity Government 169

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

JULY 22, 2019

Big-three credit bureau Equifax has reportedly agreed to pay at least $650 million to settle lawsuits stemming from a 2017 breach that let intruders steal personal and financial data on roughly 148 million Americans. Here’s a brief primer that attempts to break down what this settlement means for you, and what it says about the value of your identity.

Data breaches 262

Data breaches Identity Theft Banking Cybercrime 262

Schneier on Security

JULY 22, 2019

More nation-state activity in cyberspace, this time from Russia : Per the different reports in Russian media, the files indicate that SyTech had worked since 2009 on a multitude of projects since 2009 for FSB unit 71330 and for fellow contractor Quantum. Projects include: Nautilus -- a project for collecting data about social media users (such as Facebook, MySpace, and LinkedIn).

Media 230

Media Internet Internet Accountability 230

Adam Levin

JULY 22, 2019

Equifax has reached a settlement for the 2017 data breach that exposed the Social Security numbers and personal information of nearly 150 million people. The proposed deal with the U.S. Consumer Financial Protection Bureau (CFPB), the Federal Trade Commission and attorneys representing 48 states would cost the company a maximum of $700 million and would bring to a close several investigations as well as settle all class action lawsuits against the company. . $175 million of the proposed fine wou

Data breaches 157

Data breaches Identity Theft Technology Cybersecurity 157

Krebs on Security

JULY 25, 2019

Much has been written about the need to further secure our elections, from ensuring the integrity of voting machines to combating fake news. But according to a report quietly issued by a California grand jury this week, more attention needs to be paid to securing social media and email accounts used by election officials at the state and local level.

Media 205

Media Accountability Mobile Authentication 205

Schneier on Security

JULY 24, 2019

According to a survey : "68% of the security professionals surveyed believe it's a programmer's job to write secure code, but they also think less than half of developers can spot security holes." And that's a problem. Nearly half of security pros surveyed, 49%, said they struggle to get developers to make remediation of vulnerabilities a priority. Worse still, 68% of security professionals feel fewer than half of developers can spot security vulnerabilities later in the life cycle.

Software 223

Software 223

Adam Shostack

JULY 26, 2019

There was a really interesting paper at the Workshop on the Economics of Information Security. The paper is “ Valuing CyberSecurity Research Datasets.” The paper focuses on the value of the IMPACT data sharing platform at DHS, and how the availability of data shapes the research that’s done. On its way to that valuation, a very useful contribution of the paper is the analysis of types of research data which exist, and the purposes for which it can be used: Note that there has b

Cybersecurity 133

Cybersecurity Technology Information Security Risk 133

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Adam Levin

JULY 24, 2019

If ever the shrug emoji belonged in a blog post, today is the day. The tech giant reached a $5 billion settlement for misrepresenting the way it handles user privacy, the SEC fined it $100 million for lying to investors about the risks associated with the misuse user information, and, still later in the day, Facebook admitted that it was the target of an FTC anti-trust investigation.

Risk 114

Risk 114

Thales Cloud Protection & Licensing

JULY 23, 2019

From taking a shower, to brewing your coffee, and watching the news, your morning routine is fueled by the energy sector. If you’re like millions of other Americans, your TV is connected to the Internet and uses technology generated from the nation’s power grid. But the energy sector also underpins our emergency and response systems, our hospitals and healthcare, our schools, our businesses, and virtually everything we do as a society.

Energy and Utilities 103

Energy and Utilities Digital transformation Encryption Technology 103

Schneier on Security

JULY 23, 2019

The French army is going to put together a team of science fiction writers to help imagine future threats. Leaving aside the question of whether science fiction writers are better or worse at envisioning nonfictional futures, this isn't new. The US Department of Homeland Security did the same thing over a decade ago, and I wrote about it back then: A couple of years ago, the Department of Homeland Security hired a bunch of science fiction writers to come in for a day and think of ways terrorists

Technology 212

Technology Risk 212

Security Affairs

JULY 20, 2019

SyTech , a contractor for the Federal Security Service of the Russian Federation (FSB) has been hacked, attackers stole data about interna l projects. Attackers have hacked SyTech, a contractor for the Federal Security Service of the Russian Federation (FSB), and exfiltrated data about interna l projects. According to the Russian media, SyTech has been working with FSB since 2009, in particular, they contributed to several projects for FSB unit 71330 and for fellow contractor Quantum.

Data breaches 111

Data breaches Hacking Advertising Media 111

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Dark Reading

JULY 23, 2019

Six steps for creating a work environment that challenges, stimulates, rewards, and constantly engages employees fighting the good fight against cybercriminals.

109

109

WIRED Threat Level

JULY 21, 2019

For all the attention on sophisticated nation-state attacks, the malware that’s most likely to hit your phone is much more mundane.

Adware 99

Adware Malware 99

Schneier on Security

JULY 26, 2019

Add to the "not very smart criminals" file : According to court documents, Tinley provided software services for Siemens' Monroeville, PA offices for nearly ten years. Among the work he was asked to perform was the creation of spreadsheets that the company was using to manage equipment orders. The spreadsheets included custom scripts that would update the content of the file based on current orders stored in other, remote documents, allowing the company to automate inventory and order management

Software 207

Software Hacking 207

Security Affairs

JULY 25, 2019

A new wave of cyber attacks carried out by a China-linked APT group hit German blue-chip companies BASF, Siemens, Henkel and others. On Wednesday, German blue-chip companies BASF, Siemens, Henkel along with a host of others confirmed they had been targeted by a wave of cyber attacks. German media reported that the cyber attacks were launched by China-linked cyberespionage group.

Cyber Attacks 111

Cyber Attacks Advertising Media Hacking 111

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Dark Reading

JULY 24, 2019

DEF CON's Voting Village and AI Village team up with r00tz Asylum to let kids explore simulated campaign financial disclosure portals and disinformation campaigns.

98

98

Threatpost

JULY 23, 2019

A Spearphone attacker can use the accelerometer in LG and Samsung phones to remotely eavesdrop on any audio that's played on speakerphone, including calls, music and voice assistant responses.

Mobile 83

Mobile 83

WIRED Threat Level

JULY 26, 2019

A settlement with the FTC means Equifax will pay victims of its breach $125 or more. Make sure it pay ups.

107

107

Security Affairs

JULY 22, 2019

The APT24 group continues its cyber espionage activity, its members were posing as a researcher from Cambridge to infect victims with three new malware. Experts at FireEye have uncovered a new espionage campaign carried out by APT34 APT group ( OilRig , and HelixKitten. Greenbug ) through LinkedIn. Members of the cyberespionage group were posing as a researcher from Cambridge and asking victims to join their social network.

Malware 108

Malware Advertising Phishing Government 108

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Dark Reading

JULY 22, 2019

In the wake of recent fines levied against British Airways, Marriott, and Facebook, companies are starting to take data privacy and security more seriously.

Data privacy 87

Data privacy 87

Threatpost

JULY 23, 2019

A patch does not yet exist for a critical buffer overflow vulnerability in VLC Media Player that could enable remote code execution.

Media 94

Media 94

The Last Watchdog

JULY 22, 2019

147

147

Security Affairs

JULY 26, 2019

LibreOffice users have to know that their unpatched computers could be hacked by simply opening a specially crafted document. Bad news for LibreOffice users, the popular free and open-source office suite is affected by an unpatched remote code execution vulnerability. Recently, LibreOffice released the latest version 6.2.5 that addresses two severe flaws tracked as CVE-2019-9848 and CVE-2019-9849.

Hacking 108

Hacking Advertising Information Security 108

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Dark Reading

JULY 22, 2019

In a settlement with the FTC, consumers affected by the breach are eligible for up to $20,000 in a cash settlement, depending on damages they can prove.

Data breaches 88

Data breaches 88

Threatpost

JULY 24, 2019

In the second of a two part series discussing recent ransomware attacks against municipalities, Shawn Taylor with Forescout talks about how cities can protect themselves.

Ransomware 76

Ransomware Malware Cybersecurity 76

WIRED Threat Level

JULY 22, 2019

Last week’s US strike of an Iranian drone is the first reported successful use of LMADIS, the Marines’ new energy weapon.

92

92

Security Affairs

JULY 22, 2019

New problems for Huawei, t he Czech unit of telecoms giant secretly collected personal data customers, officials and business partners. Huawei made the headlines again, according to the Czech public radio the Czech unit of Chinese telecoms giant secretly collected personal data of customers, officials, and business partners. The radio cited two former Huawei managers as the source, the duo speaking on condition of anonymity revealed that Huawei required them to enter the data into computer syste

Manufacturing 106

Manufacturing Internet Internet Advertising 106

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity